An update for mysql is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
* mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)
* mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)
* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)
* mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)
* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953)
* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21955)
* mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)
* mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)
* mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)
* mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)
* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046)
* mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053, CVE-2023-22054, CVE-2023-22056)
* mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)
* mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)
* mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)
* mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-2097, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)
* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)
* mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)
* mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)
* mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)
* mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)
* mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)
* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)
* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)
* mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)
Bug Fix(es):
* Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (RHEL-22454)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2022-4899: Uncontrolled Resource Consumption (CWE-400) CVE-2023-21911 CVE-2023-21919 CVE-2023-21920 CVE-2023-21929 CVE-2023-21933 CVE-2023-21935 CVE-2023-21940 CVE-2023-21945 CVE-2023-21946 CVE-2023-21947 CVE-2023-21953 CVE-2023-21955 CVE-2023-21962 CVE-2023-21966 CVE-2023-21972 CVE-2023-21976 CVE-2023-21977 CVE-2023-21980 CVE-2023-21982 CVE-2023-22005 CVE-2023-22007 CVE-2023-22008 CVE-2023-22032 CVE-2023-22033 CVE-2023-22038 CVE-2023-22046 CVE-2023-22048 CVE-2023-22053 CVE-2023-22054 CVE-2023-22056 CVE-2023-22057 CVE-2023-22058 CVE-2023-22059 CVE-2023-22064 CVE-2023-22065 CVE-2023-22066 CVE-2023-22068 CVE-2023-22070 CVE-2023-22078 CVE-2023-22079 CVE-2023-22084 CVE-2023-22092 CVE-2023-22097 CVE-2023-22103 CVE-2023-22104 CVE-2023-22110 CVE-2023-22111 CVE-2023-22112 CVE-2023-22113 CVE-2023-22114 CVE-2023-22115 CVE-2024-20960 CVE-2024-20961 CVE-2024-20962 CVE-2024-20963 CVE-2024-20964 CVE-2024-20965 CVE-2024-20966 CVE-2024-20967 CVE-2024-20968 CVE-2024-20969 CVE-2024-20970 CVE-2024-20971 CVE-2024-20972 CVE-2024-20973 CVE-2024-20974 CVE-2024-20976 CVE-2024-20977 CVE-2024-20978 CVE-2024-20981 CVE-2024-20982 CVE-2024-20983 CVE-2024-20984 CVE-2024-20985
|